Miscellaneous plugins not yet categorized.
| Plugin/Function | Type | Description |
|---|---|---|
| alert | Function | Generate an alert message |
| all | Function | Returns TRUE if all items are true |
| any | Function | Returns TRUE if any items are true |
| artifact_set_metadata | Function | Sets metadata about the artifact |
| backup | Plugin | Generates a backup file |
| backup_restore | Plugin | Restore state from a backup file |
| base85decode | Function | Decode a base85 encoded string |
| client_create | Function | Create a new client in the data store |
| create_notebook_download | Function | Creates a notebook export zip file |
| delay | Plugin | Executes ‘query’ and delays relaying the rows by the specified number of seconds |
| delete_events | Plugin | Delete all the files that make up a flow |
| delete_flow | Plugin | Delete all the files that make up a flow |
| efivariables | Plugin | Enumerate efi variables |
| entropy | Function | Calculates shannon scale entropy of a string |
| etw_sessions | Plugin | Enumerates all active ETW sessions |
| eval | Function | Evaluate a vql lambda function on the current scope |
| flow_logs | Plugin | Retrieve the query logs of a flow |
| get_flow | Function | Gets flow details |
| gunzip | Function | Uncompress a gzip-compressed block of data |
| host | Function | Perform a DNS resolution |
| hunt_delete | Plugin | Delete a hunt |
| hunt_update | Function | Update a hunt |
| import | Function | Imports an artifact into the current scope |
| leveldb | Plugin | Enumerate all items in a level db database |
| logging | Plugin | Watch the logs emitted by the server |
| logscale_upload | Plugin | Upload rows to LogScale ingestion server |
| lru | Function | Creates an LRU object |
| lzxpress_decompress | Function | Decompress an lzxpress blob |
| Function | Send Email to a remote server | |
| mock_clear | Function | Resets all mocks |
| mock_replay | Function | Replay recorded calls on a mock |
| monitoring_logs | Plugin | Retrieve log messages from client event monitoring for the specified client id and artifact |
| notebook_create | Function | Create a new notebook |
| notebook_export | Function | Exports a notebook to a zip file or HTML |
| notebook_get | Function | Get a notebook |
| notebook_update_cell | Function | Update a notebook cell |
| org | Function | Return the details of the current org |
| org_create | Function | Creates a new organization |
| org_delete | Function | Deletes an Org from the server |
| orgs | Plugin | Retrieve the list of orgs on this server |
| passwd | Function | Updates the user’s password |
| pe_dump | Function | Dump a PE file from process memory |
| pk_decrypt | Function | Decrypt files using pubkey encryption |
| pk_encrypt | Function | Encrypt files using pubkey encryption |
| process_tracker | Function | Install a global process tracker |
| process_tracker_all | Function | Get all processes stored in the tracker |
| process_tracker_callchain | Function | Get a call chain from the global process tracker |
| process_tracker_children | Function | Get all children of a process |
| process_tracker_get | Function | Get a single process from the global tracker |
| process_tracker_pslist | Plugin | List all processes from the process tracker |
| process_tracker_tree | Function | Get the full process tree under the process id |
| process_tracker_updates | Plugin | Get the process tracker update events from the global process tracker |
| profile_goroutines | Plugin | Enumerates all running goroutines |
| profile_memory | Plugin | Enumerates all in use memory within the runtime |
| pskill | Function | Kill the specified process |
| query | Plugin | Evaluate a VQL query |
| read_crypto_file | Plugin | Read a previously stored encrypted local storage file |
| rekey | Function | Causes the client to rekey and regenerate a new client ID |
| remap | Function | Apply a remapping configuration to the root scope |
| repack | Function | Repack and upload a repacked binary or MSI to the server |
| server_frontend_cert | Function | Get Server Frontend Certificate |
| sigma | Plugin | Evaluate sigma rules |
| sigma_log_sources | Function | Constructs a Log sources object to be used in sigma rules |
| stat | Function | Get file information |
| sysinfo | Function | Collect system information on Linux clients |
| tlsh_hash | Function | Calculate the tlsh hash of a file |
| trace | Function | Upload a trace file |
| upload_azure | Function | Upload files to Azure Blob Storage Service |
| upload_smb | Function | Upload files using the SMB file share protocol |
| user | Function | Retrieves information about the Velociraptor user |
| user_grant | Function | Grants the user the specified roles |
| vfs_ls | Plugin | List directory and build a VFS object |
| watch_jsonl | Plugin | Watch a jsonl file and stream events from it |
| write_crypto_file | Plugin | Write a query into an encrypted local storage file |
| write_jsonl | Plugin | Write a query into a JSONL file |
| xattr | Function | Query a file for the specified extended attribute |